|
|
|
|
@ -91,6 +91,127 @@ func TestLdapAuther(t *testing.T) { |
|
|
|
|
|
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
Convey("When syncing ldap groups to grafana org roles", t, func() { |
|
|
|
|
|
|
|
|
|
ldapAutherScenario("given no current user orgs", func(sc *scenarioContext) { |
|
|
|
|
ldapAuther := NewLdapAuthenticator(&LdapServerConf{ |
|
|
|
|
LdapGroups: []*LdapGroupToOrgRole{ |
|
|
|
|
{GroupDN: "cn=users", OrgRole: "Admin"}, |
|
|
|
|
}, |
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
sc.userOrgsQueryReturns([]*m.UserOrgDTO{}) |
|
|
|
|
_, err := ldapAuther.GetGrafanaUserFor(nil, &LdapUserInfo{ |
|
|
|
|
MemberOf: []string{"cn=users"}, |
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
Convey("Should create new org user", func() { |
|
|
|
|
So(err, ShouldBeNil) |
|
|
|
|
So(sc.addOrgUserCmd, ShouldNotBeNil) |
|
|
|
|
So(sc.addOrgUserCmd.Role, ShouldEqual, m.ROLE_ADMIN) |
|
|
|
|
}) |
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
ldapAutherScenario("given different current org role", func(sc *scenarioContext) { |
|
|
|
|
ldapAuther := NewLdapAuthenticator(&LdapServerConf{ |
|
|
|
|
LdapGroups: []*LdapGroupToOrgRole{ |
|
|
|
|
{GroupDN: "cn=users", OrgId: 1, OrgRole: "Admin"}, |
|
|
|
|
}, |
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
sc.userOrgsQueryReturns([]*m.UserOrgDTO{{OrgId: 1, Role: m.ROLE_EDITOR}}) |
|
|
|
|
_, err := ldapAuther.GetGrafanaUserFor(nil, &LdapUserInfo{ |
|
|
|
|
MemberOf: []string{"cn=users"}, |
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
Convey("Should update org role", func() { |
|
|
|
|
So(err, ShouldBeNil) |
|
|
|
|
So(sc.updateOrgUserCmd, ShouldNotBeNil) |
|
|
|
|
So(sc.updateOrgUserCmd.Role, ShouldEqual, m.ROLE_ADMIN) |
|
|
|
|
}) |
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
ldapAutherScenario("given current org role is removed in ldap", func(sc *scenarioContext) { |
|
|
|
|
ldapAuther := NewLdapAuthenticator(&LdapServerConf{ |
|
|
|
|
LdapGroups: []*LdapGroupToOrgRole{ |
|
|
|
|
{GroupDN: "cn=users", OrgId: 1, OrgRole: "Admin"}, |
|
|
|
|
}, |
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
sc.userOrgsQueryReturns([]*m.UserOrgDTO{ |
|
|
|
|
{OrgId: 1, Role: m.ROLE_EDITOR}, |
|
|
|
|
{OrgId: 2, Role: m.ROLE_EDITOR}, |
|
|
|
|
}) |
|
|
|
|
_, err := ldapAuther.GetGrafanaUserFor(nil, &LdapUserInfo{ |
|
|
|
|
MemberOf: []string{"cn=users"}, |
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
Convey("Should remove org role", func() { |
|
|
|
|
So(err, ShouldBeNil) |
|
|
|
|
So(sc.removeOrgUserCmd, ShouldNotBeNil) |
|
|
|
|
}) |
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
ldapAutherScenario("given org role is updated in config", func(sc *scenarioContext) { |
|
|
|
|
ldapAuther := NewLdapAuthenticator(&LdapServerConf{ |
|
|
|
|
LdapGroups: []*LdapGroupToOrgRole{ |
|
|
|
|
{GroupDN: "cn=admin", OrgId: 1, OrgRole: "Admin"}, |
|
|
|
|
{GroupDN: "cn=users", OrgId: 1, OrgRole: "Viewer"}, |
|
|
|
|
}, |
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
sc.userOrgsQueryReturns([]*m.UserOrgDTO{{OrgId: 1, Role: m.ROLE_EDITOR}}) |
|
|
|
|
_, err := ldapAuther.GetGrafanaUserFor(nil, &LdapUserInfo{ |
|
|
|
|
MemberOf: []string{"cn=users"}, |
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
Convey("Should update org role", func() { |
|
|
|
|
So(err, ShouldBeNil) |
|
|
|
|
So(sc.removeOrgUserCmd, ShouldBeNil) |
|
|
|
|
So(sc.updateOrgUserCmd, ShouldNotBeNil) |
|
|
|
|
}) |
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
ldapAutherScenario("given multiple matching ldap groups", func(sc *scenarioContext) { |
|
|
|
|
ldapAuther := NewLdapAuthenticator(&LdapServerConf{ |
|
|
|
|
LdapGroups: []*LdapGroupToOrgRole{ |
|
|
|
|
{GroupDN: "cn=admins", OrgId: 1, OrgRole: "Admin"}, |
|
|
|
|
{GroupDN: "*", OrgId: 1, OrgRole: "Viewer"}, |
|
|
|
|
}, |
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
sc.userOrgsQueryReturns([]*m.UserOrgDTO{{OrgId: 1, Role: m.ROLE_ADMIN}}) |
|
|
|
|
_, err := ldapAuther.GetGrafanaUserFor(nil, &LdapUserInfo{ |
|
|
|
|
MemberOf: []string{"cn=admins"}, |
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
Convey("Should take first match, and ignore subsequent matches", func() { |
|
|
|
|
So(err, ShouldBeNil) |
|
|
|
|
So(sc.updateOrgUserCmd, ShouldBeNil) |
|
|
|
|
}) |
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
ldapAutherScenario("given multiple matching ldap groups and no existing groups", func(sc *scenarioContext) { |
|
|
|
|
ldapAuther := NewLdapAuthenticator(&LdapServerConf{ |
|
|
|
|
LdapGroups: []*LdapGroupToOrgRole{ |
|
|
|
|
{GroupDN: "cn=admins", OrgId: 1, OrgRole: "Admin"}, |
|
|
|
|
{GroupDN: "*", OrgId: 1, OrgRole: "Viewer"}, |
|
|
|
|
}, |
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
sc.userOrgsQueryReturns([]*m.UserOrgDTO{}) |
|
|
|
|
_, err := ldapAuther.GetGrafanaUserFor(nil, &LdapUserInfo{ |
|
|
|
|
MemberOf: []string{"cn=admins"}, |
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
Convey("Should take first match, and ignore subsequent matches", func() { |
|
|
|
|
So(err, ShouldBeNil) |
|
|
|
|
So(sc.addOrgUserCmd.Role, ShouldEqual, m.ROLE_ADMIN) |
|
|
|
|
}) |
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
Convey("When calling SyncUser", t, func() { |
|
|
|
|
|
|
|
|
|
mockLdapConnection := &mockLdapConn{} |
|
|
|
|
|
Dan Cech
7 years ago